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The MAILING DATE of this communication appears on the cover sheet with the correspondence address -- 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 
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1 Responsive to communication(s) filed on 14 August 2003 . 
2a)^ This action is FINAL. 2b)D This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
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4) ^ Claim(s) 1-120 is/are pending in the application. 
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6) E3 Claim(s) 1-120 is/are rejected. 
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Response to Amendment 

This is in response to an amendment file on August 14 th , 2003 for letter for patent filed 
on October 16 th , 2000 in which claims 1-120 were presented for examination. In the amendment, 
claims 1, 42, 72 and 104 have been amended, no claim has been canceled, and no claim has been 

added. Claims 1-120 remain pending in the letter. 

Terminal Disclaimer 

1. The terminal disclaimer filed on August 14 th , 2003 disclaiming the terminal portion of 
any patent granted on this application which would extend beyond the expiration date of 
09/688,452 has been reviewed and is accepted. The terminal disclaimer has been recorded. 



Response to Arguments 



2. Applicant's arguments with respect to claims 1-120 have been considered but are moot in 
view of the new ground(s) of rejection. 



Double Patenting 



3. The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. See In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. 
Cir. 1993); In reLongi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 
1970);and, In re Thorington y 418 F.2d 528, 163 USPQ 644 (CCPA 1969). 

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be used to 
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
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provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1.130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fully comply with 37 
CFR 3.73(b). 

4. Claims 1-71 are provisionally rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims 1-70 of copending 
Application No. 09/688,456. Although the conflicting claims are not identical, they are not 
patentably distinct from each other because they both define inventions that are obvious 
variations of each other and achieving the same end result. Accordingly, it would have been 
obvious to those in possession of the inventive concept disclosed in claims 1-71 are already 
included in the inventive concept disclosed in claims 1-70 of copending application 09/688,456. 
Furthermore, one of ordinary skill in the art at the time the invention was made would have 
realized the exclusion of "a state machine for determining a state corresponding to one or more 
commands available to an authenticating user" in claim 1, and the substitution of "determining 
a state in a state machine for availability of one or more commands " by "including 
cryptographically protected data using a stored secret" in claim 41 of the copending application 
09/688,456 are obvious expedient since the remaining element are defined in the claims. In re 



Karlson, 136USPQ 184 (CCPA 1963). 



This is a provisional obviousness-type double patenting rejection because the conflicting 



claims have not in fact been patented. 



Claim Rejections - 35 USC § 103 
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6. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

7. Claims 1-120 are rejected under 35 U.S.C. 103(a) as being unpatentable over Leon (U.S. 
Patent No 6,424,954) in view of Whitehouse (U.S. Patent No. 6,005,945) in further view of 
Cordery et al (U.S. Patent No. 6,567,794). 

8. As per claim 1, Leon teaches a cryptographic device (SMD, 110a, 110b comprise a 
cryptographic module) for securing data on a computer network (network 100a f 100b, fig 1A, 
IB) comprising a processor (processor, 210) programmed to authenticate (authenticate) a 
plurality of users (users, 120, fig 1A, IB) on the computer network (network 100a, 100b, fig 1A, 
IB) for secure processing of a value bearing item (postal indicium, fig 9) wherein the processor 
include a state machine for determine a state corresponding to availability of one or more 
commands (see abstract, figs 5a -7, column 9 line 35-67), a cryptographic engine (cryptographic 
module) for cryptographically protecting data, and an interface (interface, 222, 236, fig 2 A) for 
communicating with the computer network (see column 4 line 21-55). Leon fails to teach a 
memory for storing security device transaction data for ensuring authenticity of a user, wherein 
the security device transaction data is related to the one of the plurality of users. However, 
Whitehouse teaches a memory (memory, 154) for storing (stores) security device transaction data 
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{records) for ensuring authenticity of a user, wherein the security device transaction data is 
related to the one of the plurality of users {see fig 4, column 8 lines 30-67), Therefore, it would 
have been obvious to one of ordinary skill in the art at the time the invention was made to 
modify Leon's inventive concept to include Whitehouse's memory for storing security device 
transaction data for ensuring authenticity of a user, wherein the security device transaction data 
is related to the one of the plurality of users because this would have protected the privacy of 
those transaction and the privacy of the user thereby making easier for the system to retrieve and 
identify the user of the system. Furthermore, the combination of Leon and Whitehouse fails to 
teach an inventive concept wherein the cryptographic module is remotely located from the user 
and module for processing value of the value bearing item. However, Cordery et al teach an 
inventive concept wherein the cryptographic module is remotely located from the user and 
module for processing value of the value bearing item {see figs 1, 3 and 5, column 1 lines 24-65). 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the combination of Leon and Whitehouse to include Cordery et al's 
inventive concept wherein the cryptographic module is remotely located from the user and 
module for processing value of the value bearing item because this would have eliminate stolen 
and relocated meter problems and simplifies meter management in general. 

9. As per claims 2-8, Leon teaches a cryptographic device wherein the state machine 
includes one or more of an uninitialized state, an initialized state, an operational state, an 
administrative state, an exporting shares state, an importing shares state, and an error state (see 
abstract, figs 5a -7, column 9 line 59-67). 
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10. As per claim 9 5 Leon teaches a cryptographic device wherein on or more command 
corresponding to the uninitialized state includes a command for start initializing (figs 6a-6e, 
column 10 lines 10-16). 

11. As per claim 10, Leon teaches a cryptographic device wherein the one or more 
commands corresponding to the initialized state includes commands for one or more of get status 
command, initialize access control database command, logon command, logoff command, query 
current user role command, query current user ED command, session management commands, 
audit entry creation command, generate master key set command, and generate transport key pair 
commands (see abstract, figs 5a -7, column 10 lines 10-16, 13 lines 26-47). 

12. As per claim 11, Leon teaches a cryptographic device wherein the one or more 
commands corresponding to the operational state include commands for one or more of access 
control, session management, key management, and audit support (see column 11 lines 36-43). 

13. As per claim 12, Leon teaches a cryptographic device wherein the commands for access 
control include one or more of transition to administrative state command, logon command, 
logoff command, query current user role command, query current user ID command, view access 
control database command, change password command, set clock command, and set Status 
command (see fig 5b, column 13 lines 63-14 line 31). 
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14. As per claim 13, Leon teaches the inventive concept as disclosed in claims 1 and 11. 
Leon fail to teach a cryptographic device wherein the commands for session management 
include one or more of open session command, close Session command, compute session MAC 
command, verify session, MAC command, session encrypt command, and session decrypt 
command. However, Whitehouse teaches a cryptographic device wherein the commands for 
session management include one or more of open session command, close Session command, 
compute session MAC command, verify session, MAC command, session encrypt command, 
and session decrypt command {see column 9 lines 32-67). Therefore, it would have been obvious 
to one of ordinary skill in that art at the time the invention was made to modify Leon's inventive 
concept to include Whitehouse's cryptographic device wherein the commands for session 
management include one or more of open session command, close Session command, compute 
session MAC command, verify session, MAC command, session encrypt command, and session 
decrypt command because this would have avoided the need for key encryption in the user's 
computer. 

15. As per claim 14, Leon teaches a cryptographic device wherein the commands for key 
management include one or more of export transport public key command, start importing MKS 
command, create MKS shares command, generate MKS command, activate MKS command, 
delete dormant MKS command, global decrypt and MAC command, compute MAC command, 
verify MAC, and encryption and MAC translation commands {see column 13 lines 36-62). 
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16. As per claim 15, Leon teaches a cryptographic device wherein the commands for audit 
support include one or more of create audit entry command, create audit key command, and 
export audit verification key command (see abstract, figs 5f, see column 18 line 18-40, 24 line 
60-25 line 5). 

17. As per claim 16, Leon teaches a cryptographic device wherein the one or more 
commands corresponding to the administrative state include commands for one or more of create 
account command, delete account command, modify account command, view access control 
database command, end admin command, logon command, logoff command, query current user 
role command, query current user ID command, set clock command, get status command, 
session management commands, and audit entry creation command (see abstract, figs 5a -7, see 
column 9 line 35-67). 

18. As per claim 17, Leon teaches a cryptographic device wherein the one or more 
commands corresponding to the exporting shares state include commands for one or more of 
logon command, logoff command, query Current User Role command, query current user ED 
command, export share command, abort export command, get status command, session 
management commands, and audit entry creation command (see column 8 line 63-9 line 19). 

1 9. As per claim 1 8, Leon teaches a cryptographic device wherein the one or more 
commands corresponding to the importing shares state include command for one more of logon 
command, logoff command, query current user role command, query current user ID command, 
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export transport public key command, import share command, combine shares command, set 
status command, session management commands, and audit entry creation command {see 
column 8 line 63-9 line 19). 

20. As per claim 19, Leon teaches a cryptographic device wherein the one or more 
commands corresponding to the error state include commands for one or more of get status 
command, and access control queries command {see column 10 lines 39-46). 

21 . As per claim 20, Leon teaches a cryptographic device further comprising computer 
executable code to keep track of a present operational state (see abstract, figs 5a -7, see column 
9 line 35-67). 

22. As per claim 21, Leon teaches a cryptographic device wherein the processor is 
programmed to verify that the authenticated user is authorized to assume a role and perform a 
corresponding operation {see fig 5A, column 12 lines 30-42, table 1 in column 12). 

23. As per claim 22, Leon teaches a cryptographic device wherein the cryptographic device 
includes a computer executable code for preventing unauthorized disclosure of data {see fig 5E- 
5E-2, column 17 lines 47-54, 19 lines 33-42). 
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24. As per claim 23, Leon teaches a cryptographic device wherein the cryptographic device 
includes a computer executable code for supporting multiple concurrent users and maintaining a 
separation of roles and operations performed by each user (see fig 1A, IB). 

25. As per claims 24-27, Leon teaches a cryptographic device wherein the value bearing 
item include a postage value including a postal indicium comprises a digital signature, a 
postage amount, an ascending register of used postage and descending register of available 
postage (see fig 8F, table 3 column 42). 

26. As per claim 28-33, Leon teaches a cryptographic device wherein the value bearing item 
is a ticket, a bar code, a coupon, a currency, a traveler's check, a voucher (see fig 9). 

27. As per claim 34, Leon teaches a cryptographic device wherein each security device 
transaction data includes an ascending register value, a descending register value, a respective 
cryptographic device ID, an indicium key certificate serial number, a licensing ZIP code, a key 
token for an indicium signing key, user secrets, a key for encrypting user secrets, data and time 
of last transaction, last challenge received from a respective client subsystem, an operational 
state of the respective device, expiration dates for keys, and a passphrase repetition list (see fig 
8F, table 3 column 42). 
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28. As per claim 35, Leon teaches a cryptographic device wherein each security device 
transaction data includes information to define the present operational state of the device (see 
abstract, figs 5a -7, see column 9 line 35-67) 

29. As per claim 36, Leon teaches a cryptographic device wherein the processor is capable of 
sharing a secret with a plurality of other cryptographic devices (see column 13 lines 48-62). 

30. As per claim 37-40, Leon teaches a cryptographic device wherein the processor and the 
cryptographic engine generate a master key set (MKS) including a Master Encryption Key 
(MEK) used to encrypt keys when stored outside the device and a Master Authentication Key 
(MAK) used to compute a DES MAC for signing keys when stored outside of the device 
exported to other cryptographic devices by any cryptographic device and wherein the 
cryptographic engine is programmed to perform one or more of Ri vest, Shamir and Adleman 
(RSA) public key encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random 
number generation algorithms (see column 13 lines 48-62). 

31. As per claim 41, Leon teaches a cryptographic device wherein at least one of the plurality 
of users is an enterprise account (see fig 1). 

32. As per claims 42 and 44, Leon teaches a method for securing (SMD, 110a f 110b 
comprise a cryptographic module) data {postal/metering information) on a computer network 
(network 100a, 100b, fig 1A, IB) including a plurality of users (users, 120, fig 1A, IB) 
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comprising authenticating {authenticate) and authorizing {authorizing) the plurality of users 
{users, 120, fig 1A, IB) for secure processing of a value bearing item {postal indicium, fig 9) 
and determining a state machine for availability of one or more commands (see abstract, figs 
5a -7, column 9 line 35-67), Leon fails to teach a memory for storing security device transaction 
data for ensuring authenticity of a user, wherein the security device transaction data is related to 
the one of the plurality of users. However, Whitehouse teaches a memory {memory, 154) for 
storing {stores) security device transaction data {records) for ensuring authenticity and 
authorization users, wherein the security device transaction data is related to the one of the 
plurality of users {see fig 4, column 8 lines 30-67). Therefore, it would have been obvious to one 
of ordinary skill in the art at the time the invention was made to modify Leon's inventive concept 
to include Whitehouse's memory for storing security device transaction data for ensuring 
authenticity of a user, wherein the security device transaction data is related to the one of the 
plurality of users because this would have protected the privacy of those transaction and the 
privacy of the user thereby making easier for the system to retrieve and identify the user of the 
system. Furthermore, the combination of Leon and Whitehouse fails to teach an inventive 
concept of remotely-located user and managing value of the value bearing item. However, 
Cordery et al teach an inventive concept of remotely-located user and managing value of the 
value bearing item {see figs 1, 3 and 5, column 1 lines 24-65). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify the 
combination of Leon and Whitehouse to include Cordery et al's inventive concept of remotely- 
located user and managing value of the value bearing item because this would have eliminate 
stolen and relocated meter problems and simplifies meter management in general. 
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33. As per claim 43, Leon teaches a method for securing of printing the value bearing item 
(see fig 9). 

34. As per claim 45, Leon teaches a method for securing of loading a security device 
transaction data related to the cryptographic device when the user requests to operate on a value 
bearing item (see column 9 lines 1-10). 

35. As per claim 46, Leon teaches a method for securing of authenticating the identity of 
each user and verifying that the identified user is authorized to assume a role and to perform a 
corresponding operation (see column 8 line 45-61). 

36. As per claims 47-53, Leon teaches a method wherein the state machine includes one or 
more of an uninitialized state, an initialized state, an operational state, an administrative state, an 
exporting shares state, an importing shares state, and an error state (see abstract, figs 5a -7, see 
column 9 line 35-67). 

37. As per claim 54, Leon teaches a method wherein on or more command corresponding to 
the uninitialized state includes a command for start initializing (see figs 5 A, 5B, 6). 

38. As per claim 55, Leon teaches a method wherein the one or more commands 
corresponding to the initialized state includes commands for one or more of get status command, 
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initialize access control database command, logon command, logoff command, query current 
user role command, query current user ID command, session management commands, audit 
entry creation command, generate master key set command, and generate transport key pair 
commands {see fig 5 A, 5B, column 10 line 10-16). 

39. As per claim 56, Leon teaches a method wherein the one or more commands 
corresponding to the operational state include commands for one or more of access control, 
session management, key management, and audit support {see abstract, figs 5f, see column 18 
line 18-40, 24 line 60-25 line 5). 

40. As per claim 57, Leon teaches a method wherein the commands for access control 
include one or more of transition to administrative state command, logon command, logoff 
command, query current user role command, query current user ID command, view access 
control database command, change password command, set clock command, and set Status 
command {see column 8 line 45-62). 

41 . As per claim 58, Leon teaches the inventive concept as disclosed in claims 1 and 1 1 . 
Leon fails to teach a cryptographic device wherein the commands for session management 
include one or more of open session command, close Session command, compute session MAC 
command, verify session, MAC command, session encrypt command, and session decrypt 
command. However, Whitehouse teaches a cryptographic device wherein the commands for 
session management include one or more of open session command, close Session command, 
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compute session MAC command, verify session, MAC command, session encrypt command, 
and session decrypt command (see column 9 lines 32-67). Therefore, it would have been obvious 
to one of ordinary skill in that art at the time the invention was made to modify Leon's inventive 
concept to include Whitehouse's cryptographic device wherein the commands for session 
management include one or more of open session command, close Session command, compute 
session MAC command, verify session, MAC command, session encrypt command, and session 
decrypt command because this would have avoided the need for key encryption in the user's 
computer. 

42. As per claim 59, Leon teaches a method wherein the commands for key management 
include one or more of export transport public key command, start importing MKS command, 
create MKS shares command, generate MKS command, activate MKS command, delete dormant 
MKS command, global decrypt and MAC command, compute MAC command, verify MAC, 
and encryption and MAC translation commands (see fig 5E-5E-2, column 1 7 lines 47-54, 19 
lines 33-42). 

43. As per claim 60, Leon teaches a method wherein the commands for audit support include 
one or more of create audit entry command, create audit key command, and export audit 
verification key command (see abstract, figs 5f t see column 18 line 18-40, 24 line 60-25 line 5). 

44. As per claim 61, Leon teaches a method wherein the one or more commands 
corresponding to the administrative state include commands for one or more of create account 
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command, delete account command, modify account command, view access control database 
command, end admin, command, logon command, logoff command, query current user role 
command, query current user ID command, set clock command, get status command, session 
management commands, and audit entry creation command (see column 8 lines 63-9 line 33). 

45. As per claim 62, Leon teaches a method wherein the one or more commands 
corresponding to the exporting shares state include commands for one or more of logon 
command, logoff command, query Current User Role command, query current user ID 
command, export share command, abort export command, get status command, session 
management commands, and audit entry creation command (see fig 5A, column 12 lines 30-42, 
table 1 in column 12). 

46. As per claim 63, Leon teaches a method wherein the one or more commands 
corresponding to the importing shares state include command for one more of logon command, 
logoff command, query current user role command, query current user ID command, export 
transport public key command, import share command, combine shares command, set status 
command, session management commands, and audit entry creation command (see fig 5 A, 
column 12 lines 30-42, table 1 in column 12). 

47. As per claim 64, Leon teaches a method wherein the one or more commands 
corresponding to the error state include commands for one or more of get status command, and 
access control queries command (see column 10 lines 39-46). 
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48. As per claims 65-68, Leon teaches a method of printing a postage value including a 
postal indicium comprises a digital signature, a postage amount, an ascending register of used 
postage and descending register of available postage {see fig 8F, table 3 column 42). 

49. As per claim 69-71, Leon teaches a method or printing a ticket, a bar code, a coupon, 
{see fig 9). 

50. As per claim 72, Leon teaches a security system {SMD, 110a, 110b comprise a 
cryptographic module) for securing data (postal/metering information) in a computer network 
(network 100a, 100b, fig 1A, IB) comprising a plurality of user terminals {users, 120, fig 1A, IB) 
coupled {connected) to the computer network (network 100a, 100b, fig 1A, IB), a cryptographic 
device {cryptographic key) remote from the plurality of user terminals and coupled to the 
computer network, wherein the cryptographic device {SMD, 110a, 110b comprise a 
cryptographic module) includes a state machine {state diagram/method, fig 6A) for determining 
a state machine for availability of one or more commands available to authenticating user. Leon 
fails to teach a plurality of security device transaction data for ensuring authenticity of the one or 
more users, wherein each security device transaction data is related to a user. However, 
Whitehouse teaches a plurality of security device transaction data for ensuring authenticity of the 
one or more users, wherein each security device transaction data is related to a user {see fig 3, 4 
and 7, column 8 line 30-9 line 63). Therefore, it would have been obvious to one of ordinary skill 
in the art at the time the invention was made to modify Leon's inventive concept to include 
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Whitehouse's a plurality of security device transaction data for ensuring authenticity of the one 
or more users, wherein each security device transaction data is related to a user because this 
would have protected the privacy of those transaction and the privacy of the user thereby making 
easier for the system to retrieve and identify the user of the system. Furthermore, the 
combination of Leon and Whitehouse fails to teach an inventive concept of managing value of 
available to user. However, Cordery et al teach an inventive concept of managing value of 
available to user {see figs 1, 3 and 5, column 1 lines 24-65). Therefore it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify the 
combination of Leon and Whitehouse to include Cordery et al's inventive concept of managing 
value of available to user because this would have eliminate stolen and relocated meter problems 
and simplifies meter management in general. 

51. As per claim 73, Leon teaches a security system wherein the security device transaction 
data related to a user is loaded into the cryptographic device when the user requests to operate on 
a value bearing item {see fig 9). 

52. As per claims 74-80, Leon teaches a method wherein the state machine includes one or 
more of an uninitialized state, an initialized state, an operational state, an administrative state, an 
exporting shares state, an importing shares state, and an error state (see abstract, figs 5a -7, see 
column 9 line 35-67). 
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53. As per claim 81, Leon teaches a method wherein on or more command corresponding to 
the uninitialized state includes a command for start initializing (see figs 5 A, 5B, 6). 

54. As per claim 82, Leon teaches a method wherein the one or more commands 
corresponding to the initialized state includes commands for one or more of get status command, 
initialize access control database command, logon command, logoff command, query current 
user role command, query current user ID command, session management commands, audit 
entry creation command, generate master key set command, and generate transport key pair 
commands (see fig 5 A, 5B, column 10 line 10-16). 

55. As per claim 83, Leon teaches a method wherein the one or more commands 
corresponding to the operational state include commands for one or more of access control, 
session management, key management, and audit support (see abstract, figs 5fi see column 18 
line 18-40, 24 line 60-25 line 5). 

56. As per claim 84, Leon teaches a method wherein the commands for access control 
include one or more of transition to administrative state command, logon command, logoff 
command, query current user role command, query current user ID command, view access 
control database command, change password command, set clock command, and set Status 
command (see column 8 line 45-62), 
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57. As per claim 85, Leon teaches the inventive concept as disclosed in claims 1 and 11. 
Leon fails to teach a cryptographic device wherein the commands for session management 
include one or more of open session command, close Session command, compute session MAC 
command, verify session, MAC command, session encrypt command, and session decrypt 
command. However, Whitehouse teaches a cryptographic device wherein the commands for 
session management include one or more of open session command, close Session command, 
compute session MAC command, verify session, MAC command, session encrypt command, 
and session decrypt command (see column 9 lines 32-67). Therefore, it would have been obvious 
to one of ordinary skill in that art at the time the invention was made to modify Leon's inventive 
concept to include Whitehouse's cryptographic device wherein the commands for session 
management include one or more of open session command, close Session command, compute 
session MAC command, verify session, MAC command, session encrypt command, and session 
decrypt command because this would have avoided the need for key encryption in the user's 
computer. 

58. As per claim 86, Leon teaches a method wherein the commands for key management 
include one or more of export transport public key command, start importing MKS command, 
create MKS shares command, generate MKS command, activate MKS command, delete dormant 
MKS command, global decrypt and MAC command, compute MAC command, verify MAC, 
and encryption and MAC translation commands (see fig 5E-5E-2, column 1 7 lines 47-54, 19 
lines 33-42). 
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59. As per claim 87, Leon teaches a method wherein the commands for audit support include 
one or more of create audit entry command, create audit key command, and export audit 
verification key command (see column 8 line 45-62). 

60. As per claim 88, Leon teaches a method wherein the one or more commands 
corresponding to the administrative state include commands for one or more of create account 
command, delete account command, modify account command, view access control database 
command, end admin command, logon command, logoff command, query current user role 
command, query current user ID command, set clock command, get status command, session 
management commands, and audit entry creation command (see fig 5E-5E-2, column 1 7 lines 
47-54, 19 lines 33-42). 

61. As per claim 89, Leon teaches a method wherein the one or more commands 
corresponding to the exporting shares state include commands for one or more of logon 
command, logoff command, query Current User Role command, query current user ID 
command, export share command, abort export command, get status command, session 
management commands, and audit entry creation command (see fig 5A, column 12 lines 30-42, 
table 1 in column 12). 

62. As per claim 90, Leon teaches a method wherein the one or more commands 
corresponding to the importing shares state include command for one more of logon command, 
logoff command, query current user role command, query current user ID command, export 
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transport public key command, import share command, combine shares command, set status 
command, session management commands, and audit entry creation command (see fig 5E-5E-2, 
column 17 lines 47-54, 19 lines 33-42), 

63. As per claim 91, Leon teaches a method wherein the one or more commands 
corresponding to the error state include commands for one or more of get status command, and 
access control queries command (see abstract, figs 5f, see column 18 line 18-40, 24 line 60-25 
line 5), 

64. As per claim 92, Leon teaches a security system comprising computer executable code to 
keep track of a present operational state (see column 8 line 45-62). 

65. As per claim 93, Leon teaches a security system wherein the processor is programmed to 
verify that the authenticated user is authorized to assume a role and perform a corresponding 
operation (see column 8 line 45-62), 

66. As per claim 94, Leon teaches a security system wherein the system includes a computer 
executable code for supporting multiple concurrent users and maintaining a separation of roles 
and operations performed by each user (see fig 1A, IB), 
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67. As per claims 95-98, Leon teaches a secured system wherein a postage value including a 
postal indicium comprises a digital signature, a postage amount, an ascending register of used 
postage and descending register of available postage (see fig 8F, table 3 column 42). 

68. As per claim 99-100, Leon teaches a security system wherein the value bearing item 
include a bar code is a ticket (see fig 9). 

69. As per claim 101, Leon teaches a security system wherein each security device 
transaction data includes information to define the present operational state of the device (see fig 
6A, column 9 line 35-67). 

70. As per claim 102, Leon teaches a security system wherein the cryptographic engine is 
programmed to perform one or more of Ri vest, Shamir and Adleman (RSA) public key 
encryption, DES, Triple-DES, DSA signature, SHA-1, and Pseudo-random number generation 
algorithms (see column 11 lines 51-12 line 4, 13 line 47-62). 

71. As per claim 103, Leon teaches a method or printing a ticket, a bar code, a coupon, (see 
fig 9). 



72. As per claim 104, Leon teaches a method for securing data (SMD, 110a t 110b comprise a 
cryptographic module) in a computer network (network 100a f 1 00b \ fig 1A, IB) having a 
plurality of user terminals (users, 120, fig 1A, IB) the method comprising and verifying that a 
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user is authorized to assume a role and determining a state in a state machine for availability of 
one or more commands {see fig 1A, IB, 5A, 6A, column 9 lines 34-67). Leon fail to teach an 
inventive concept of storing information about a plurality of users using the plurality of terminals 
in a database remote from the plurality of securing the information about the users in the 
database by one or more of cryptographic devices remote from the plurality of user terminals 
storing a plurality of security device transaction data wherein each transaction data is related to 
one of the plurality of users. However Whitehouse teaches an inventive concept of storing 
information about a plurality of users using the plurality of terminals in a database remote from 
the plurality of securing the information about the users in the database by one or more of 
cryptographic devices remote from the plurality of user terminals storing a plurality of security 
device transaction data wherein each transaction data is related to one of the plurality of users 
{see fig 4, column 8 lines 30-9 line 31). Therefore, it would have been obvious to one of ordinary 
skill in the art at the time the invention was made to modify Leon's inventive concept to include 
Whitehouse's an inventive concept of storing information about a plurality of users using the 
plurality of terminals in a database remote from the plurality of securing the information about 
the users in the database by one or more of cryptographic devices remote from the plurality of 
user terminals storing a plurality of security device transaction data wherein each transaction 
data is related to one of the plurality of users this would have protected the privacy of those 
transaction and the privacy of the user thereby making easier for the system to retrieve and 
identify the user of the system. Furthermore, the combination of Leon and Whitehouse fails to 
teach an inventive concept of a cryptographic device manages value of available for the value 
bearing item. However, Cordery et al teach an inventive concept of a cryptographic device 



Application/Control Number: 09/690,083 Page 25 

Art Unit: 3621 

manages value of available for the value bearing item (see figs 1, 3 and 5, column 1 lines 24-65). 
Therefore it would have been obvious to one of ordinary skill in the art at the time the invention 
was made to modify the combination of Leon and Whitehouse to include Cordery et al's 
inventive concept a cryptographic device manages value of available for the value bearing item 
because this would have eliminate stolen and relocated meter problems and simplifies meter 
management in general. 

73. As per claim 105, Leon teaches a method of printing the value bearing item (see fig 9). 

74. As per claim 106, Leon teaches a method of loading a security device transaction data 
related to a user into one of the one or more of cryptographic devices when the user requests to 
operate on a value bearing item (see column 9 lines 28-33, 13 lines 48-62, 15 lines 23-32). 

75. As per claim 107, Leon teaches a method of loading a security device transaction data 
related to the cryptographic device when the user requests to operate on a value bearing item (see 
column 9 lines 28-3 3 f 13 lines 48-62, 15 lines 23-32). 

76. As per claim 1 08, Leon teaches a method of authenticating the identity of each user and 
verifying that the identified user is authorized to assume a role and to perform a corresponding 
operation (see column 8 lines 45-9 line 10). 
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77. As per claims 109-1 15, Leon teaches a method of determining an uninitialized state, an 
initialized state, an operational state, an administrative state, an exporting shares state, an 
importing shares state, and an error state (see fib 5A, 6A } column 9 lines 45-67), 

78. As per claims 1 16-120, Leon teaches a method of printing a postage value including a 
postal indicium comprises a digital signature, a postage amount, or a ticket (see fig 9). 

79. Applicant further failed to file a terminal disclaimer for the double patenting rejection 
on the application 09/688,456. Therefore the rejection is sustain 

Conclusion 

80. Applicant's amendment necessitated the new ground(s) of rejection presented in this 
Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1.136(a) will be calculated from the mailing date of the advisory action. In no event, 
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however, will the statutory period for reply expire later than SIX MONTHS from the date of this 
final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Firmin Backer whose telephone number is (703) 305-0624. The 
examiner can normally be reached on Mon-Thu 8:30-6:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, James Trammell can be reached on (703) 305-9768. The fax phone numbers for the 
organization where this application or proceeding is assigned are (703) 305-7687 for regular 
communications and (703) 305-7687 for After Final communications. 

Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 308-1 1 13. 



Firmin Backer 
Examiner 
Art Unit 3621 
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